/[smecontribs]/rpms/smeserver-xt_geoip/contribs9/smeserver-xt_geoip-1.0.1-per_serv.patch
ViewVC logotype

Contents of /rpms/smeserver-xt_geoip/contribs9/smeserver-xt_geoip-1.0.1-per_serv.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.2 - (show annotations) (download)
Wed May 1 21:34:13 2019 UTC (5 years ago) by michel
Branch: MAIN
CVS Tags: smeserver-xt_geoip-1_0_1-18_el6_sme, smeserver-xt_geoip-1_0_1-20_el6_sme, smeserver-xt_geoip-1_0_1-14_el6_sme, smeserver-xt_geoip-1_0_1-17_el6_sme, smeserver-xt_geoip-1_0_1-24_el6_sme, smeserver-xt_geoip-1_0_1-23_el6_sme, smeserver-xt_geoip-1_0_1-26_el6_sme, smeserver-xt_geoip-1_0_1-25_el6_sme, smeserver-xt_geoip-1_0_1-12_el6_sme, smeserver-xt_geoip-1_0_1-16_el6_sme, smeserver-xt_geoip-1_0_1-15_el6_sme, smeserver-xt_geoip-1_0_1-22_el6_sme, smeserver-xt_geoip-1_0_1-21_el6_sme, smeserver-xt_geoip-1_0_1-13_el6_sme, smeserver-xt_geoip-1_0_1-19_el6_sme, HEAD
Changes since 1.1: +9 -8 lines 
* Wed Apr 24 2019 Michel Begue <mab974@gmail.com> 1.0.1-12.sme
- add per service management of GeoIP bans [SME: 10760]
1 diff -urN smeserver-xt_geoip-1.0.1.old/createlinks smeserver-xt_geoip-1.0.1/createlinks
2 --- smeserver-xt_geoip-1.0.1.old/createlinks 2019-05-02 00:12:10.000000000 +0400
3 +++ smeserver-xt_geoip-1.0.1/createlinks 2019-04-23 22:52:31.000000000 +0400
4 @@ -12,14 +12,16 @@
5 # links to add
6
7 # templates to expand
8 -for my $event (qw(xt_geoip-modify xt_geoip-update bootstrap-console-save console-save))
9 +for my $event (qw(xt_geoip-modify xt_geoip-update xt_geoip-service bootstrap-console-save console-save))
10 {
11 templates2events("/etc/rc.d/init.d/masq", $event);
12 templates2events("/etc/crontab", $event);
13 templates2events("/usr/share/xt_geoip/update_base", $event);
14 - if ($event ne 'xt_geoip-modify') {
15 - event_link("smeserver-xt_geoip-download-action", $event, "10");
16 }
17 +
18 +for my $event (qw(xt_geoip-update bootstrap-console-save console-save))
19 +{
20 + event_link("smeserver-xt_geoip-download-action", $event, "10");
21 }
22
23 # services to launch on event
24 @@ -29,4 +31,10 @@
25 "root/etc/e-smith/events/$event/services2adjust/masq");
26 }
27
28 +for my $event (qw(xt_geoip-service))
29 +{
30 + safe_symlink("adjust",
31 + "root/etc/e-smith/events/$event/services2adjust/masq");
32 +}
33 +
34 # actions to perform
35 diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/db/configuration/defaults/masq/XtServices smeserver-xt_geoip-1.0.1/root/etc/e-smith/db/configuration/defaults/masq/XtServices
36 --- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/db/configuration/defaults/masq/XtServices 1970-01-01 04:00:00.000000000 +0400
37 +++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/db/configuration/defaults/masq/XtServices 2019-04-24 14:38:38.000000000 +0400
38 @@ -0,0 +1 @@
39 +imaps,pop3s,sshd,ftp,ssmtpd
40 diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip
41 --- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip 2019-05-02 00:12:10.000000000 +0400
42 +++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip 2019-04-29 19:35:33.000000000 +0400
43 @@ -96,12 +96,12 @@
44
45 <entry>
46 <base>IPT_LIST</base>
47 - <trans>Geoip ban</trans>
48 + <trans>Stats of XT-geoip prevented connections</trans>
49 </entry>
50
51 <entry>
52 <base>SSH_LIST</base>
53 - <trans>Ssh errors</trans>
54 + <trans>Stats of SSH errors not blocked by XT-geoip</trans>
55 </entry>
56
57 <entry>
58 @@ -129,4 +129,72 @@
59 </trans>
60 </entry>
61
62 + <entry>
63 + <base>SERVICE_DESCRIPTION</base>
64 + <trans><![CDATA[ <h2> Per service filtering for Xtables GeoIP</h2><ul>
65 + <li>If you want different filtering for certain services</li>
66 + </ul><p><i></i></p> ]]>
67 + </trans>
68 + </entry>
69 +
70 + <entry>
71 + <base>LABEL_SERVICE</base>
72 + <trans>Service name : </trans>
73 + </entry>
74 +
75 + <entry>
76 + <base>PER_SERVICE_GEOIP</base>
77 + <trans>-> Services</trans>
78 + </entry>
79 +
80 + <entry>
81 + <base>ADD_SERVICE</base>
82 + <trans>Add or modify a per service filtering</trans>
83 + </entry>
84 +
85 + <entry>
86 + <base>ADD_DESC</base>
87 + <trans>You are choosing a particular country filtering for this service</trans>
88 + </entry>
89 +
90 + <entry>
91 + <base>REMOVE_SERVICE</base>
92 + <trans>Delete a per service filtering</trans>
93 + </entry>
94 +
95 + <entry>
96 + <base>REMOVE_DESC</base>
97 + <trans>You are deleting a filtering by service. The general filtering will then apply.</trans>
98 + </entry>
99 +
100 + <entry>
101 + <base>SERV_NOT_BAN</base>
102 + <trans>Unfiltered service.</trans>
103 + </entry>
104 +
105 + <entry>
106 + <base>NO_SERVICES</base>
107 + <trans>No services.</trans>
108 + </entry>
109 +
110 + <entry>
111 + <base>LABEL_SERV_BADCOUNTRIES_STATUS</base>
112 + <trans>List of rejected country codes for the service : </trans>
113 + </entry>
114 +
115 + <entry>
116 + <base>SUCCESSFULLY_DELETED_SERVICE</base>
117 + <trans>Per service filtering successfully deleted... New filtering taken into account.</trans>
118 + </entry>
119 +
120 + <entry>
121 + <base>BADCOUNTRIES</base>
122 + <trans>Blacklist</trans>
123 + </entry>
124 +
125 + <entry>
126 + <base>ERR_COUNTRY_MAX: {$ctr}</base>
127 + <trans>Too many countries chosen: {$ctr}</trans>
128 + </entry>
129 +
130 </lexicon>
131 diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/xt_geoip
132 --- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/xt_geoip 2019-05-02 00:12:10.000000000 +0400
133 +++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/xt_geoip 2019-04-29 19:33:56.000000000 +0400
134 @@ -43,15 +43,16 @@
135
136 <entry>
137 <base>XT_GEOIP_STATUS_DESCRIPTION</base>
138 - <trans><![CDATA[ <ul> <li>Le filtrage IP peut être activé ou désactivé à l'aide du bouton adéquat</li>
139 + <trans><![CDATA[ <h2>Filtrage général pour Xtables GeoIP </h2>
140 + <ul> <li>Le filtrage IP peut être activé ou désactivé à l'aide du bouton adéquat</li>
141 <li>Les codes des pays à bannir peut être saisis dans le champ correspondant</li>
142 <li>Une mise à jour immédiate de la table peut être demandée ici.</li></ul>
143 - <p><i>Attention à ne pas bannir les adresses IP nécessaires au fonctionnement de votre serveur !</i></p> <br><br> ]]></trans>
144 + <p><i>Attention à ne pas bannir les adresses IP nécessaires au fonctionnement de votre serveur !</i></p> <br> ]]></trans>
145 </entry>
146
147 <entry>
148 <base>LABEL_BADCOUNTRIES_STATUS</base>
149 - <trans>Liste actuelle des codes pays rejetés : </trans>
150 + <trans>Liste générale des codes pays rejetés : </trans>
151 </entry>
152
153 <entry>
154 @@ -60,12 +61,6 @@
155 </entry>
156
157 <entry>
158 - <base>ERR_COUNTRY_MAX: {$ctr}</base>
159 - <trans>Code pays, maximum atteint: {$ctr}</trans>
160 - </entry>
161 -
162 -
163 - <entry>
164 <base>LABEL_BADCOUNTRIES</base>
165 <trans>Nouveaux codes pays à utiliser :</trans>
166 </entry>
167 @@ -98,14 +93,15 @@
168
169 <entry>
170 <base>IPT_LIST</base>
171 - <trans>Geoip stop</trans>
172 + <trans>Stats des connexions évitées à l'aide de XT-geoip</trans>
173 </entry>
174
175 <entry>
176 <base>SSH_LIST</base>
177 - <trans>Ssh erreurs</trans>
178 + <trans>Stats des erreurs SSH non bloquées par XT-geoip</trans>
179 </entry>
180
181 +
182 <entry>
183 <base>STATS_GENERATED</base>
184 <trans>Statistiques générées</trans>
185 @@ -123,12 +119,80 @@
186
187 <entry>
188 <base>STATS_DESCRIPTION</base>
189 - <trans><![CDATA[ <h3>Statistiques pour Xtables GeoIP</h3><ul>
190 + <trans><![CDATA[ <h2>Statistiques pour Xtables GeoIP </h2><ul>
191 <li>Pour 3 périodes : Jour, Semaine et Mois</li>
192 <li>Ips bloqués par pays triés par score</li>
193 <li>Erreurs Ssh par pays triées par score </li>
194 </ul><p><i>XX signifie Pays non trouvé !</i></p> ]]>
195 </trans>
196 </entry>
197 +
198 + <entry>
199 + <base>SERVICE_DESCRIPTION</base>
200 + <trans><![CDATA[ <h2> Filtrage par service pour Xtables GeoIP</h2><ul>
201 + <li>Si vous souhaitez un filtrage différent pour certains services</li>
202 + </ul><p><i></i></p> ]]>
203 + </trans>
204 + </entry>
205 +
206 + <entry>
207 + <base>LABEL_SERVICE</base>
208 + <trans>Nom du service : </trans>
209 + </entry>
210 +
211 + <entry>
212 + <base>PER_SERVICE_GEOIP</base>
213 + <trans>-> Services</trans>
214 + </entry>
215 +
216 + <entry>
217 + <base>ADD_SERVICE</base>
218 + <trans>Ajouter ou modifier un fitrage par service</trans>
219 + </entry>
220 +
221 + <entry>
222 + <base>ADD_DESC</base>
223 + <trans>Vous allez choisir un filtrage pays particulier pour ce service</trans>
224 + </entry>
225 +
226 + <entry>
227 + <base>REMOVE_SERVICE</base>
228 + <trans>Supprimer un fitrage par service</trans>
229 + </entry>
230 +
231 + <entry>
232 + <base>REMOVE_DESC</base>
233 + <trans>Vous allez supprimer un filtrage par service. Le filtrage général va alors s'appliquer.</trans>
234 + </entry>
235 +
236 + <entry>
237 + <base>SERV_NOT_BAN</base>
238 + <trans>Service non filtré.</trans>
239 + </entry>
240 +
241 + <entry>
242 + <base>NO_SERVICES</base>
243 + <trans>Aucun service.</trans>
244 + </entry>
245 +
246 + <entry>
247 + <base>LABEL_SERV_BADCOUNTRIES_STATUS</base>
248 + <trans>Liste des codes pays rejetés du service : </trans>
249 + </entry>
250 +
251 + <entry>
252 + <base>SUCCESSFULLY_DELETED_SERVICE</base>
253 + <trans>Suppression du service réussi... Nouveau filtrage pris en compte.</trans>
254 + </entry>
255 +
256 + <entry>
257 + <base>BADCOUNTRIES</base>
258 + <trans>Liste noire</trans>
259 + </entry>
260 +
261 + <entry>
262 + <base>ERR_COUNTRY_MAX: {$ctr}</base>
263 + <trans>Code(s) pays inexistant(s) sur le serveur: {$listerr}</trans>
264 + </entry>
265
266 </lexicon>
267 diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip
268 --- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip 2019-05-02 00:12:10.000000000 +0400
269 +++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip 2019-04-24 17:24:02.000000000 +0400
270 @@ -7,16 +7,54 @@
271 my $PATH_MODULE = "/lib/modules/$KERNEL/extra/xt_geoip.ko";
272 my $PATH2_MODULE = "/lib/modules/$KERNEL/weak-updates/xt_geoip.ko";
273 my $PATH3_MODULE = "/lib/modules/$KERNEL/weak-updates/xtables-addons/xt_geoip.ko";
274 - if ($GP eq 'enabled' and $BC ne '')
275 + my $port;
276 + my $locPorts;
277 + my $servStatus;
278 + my $locBC;
279 + if ($GP eq 'enabled')
280 {
281 if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE)
282 {
283 - $OUT .= " ## xtables-addons GEOIP ##\n";
284 - $OUT .= " /sbin/iptables -A INPUT -m geoip --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n";
285 - $OUT .= " /sbin/iptables -A INPUT -m geoip --src-cc $BC -j DROP\n";
286 - $OUT .= " ## xtables-addons GEOIP ##\n";
287 - } else
288 - { $OUT .= " # module xt_geoip not found for current kernel"; }
289 - } else
290 - { $OUT .= " # xt_geoip disabled or no 'BadCountries' defined\n"; }
291 + # to allow reload
292 + $OUT .=<<'EOF';
293 + # A blacklist chain for xtables-addons GEOIP
294 + /sbin/iptables --new-chain XTGeoIP
295 + /sbin/iptables --new-chain XTGeoIP_1
296 + /sbin/iptables --append XTGeoIP -j XTGeoIP_1
297 + /sbin/iptables --insert INPUT 1 \
298 + -j XTGeoIP
299 +EOF
300 + ##adding here for service specific
301 + $locPorts='';
302 +
303 + my @services = split(/,/, $masq{'XtServices'});
304 + foreach my $servName (@services)
305 + {
306 + $port = ${$servName}{'TCPPort'} || '';
307 + my $servStatus = ${$servName}{'status'} || 'disabled';
308 + my $servAccess = ${$servName}{'access'} || 'private';
309 + my $locBC = ${$servName}{'BadCountries'} || '';
310 + if ($port ne '' and $servStatus eq 'enabled' and $servAccess eq 'public' and $locBC ne '') {
311 + $locPorts .= "$port,";
312 + $OUT .= " /sbin/iptables -A XTGeoIP_1 -m geoip --src-cc $locBC -p tcp --dport $port -j ULOG --ulog-prefix \"GeoIP BAN: $servName\"\n";
313 + $OUT .= " /sbin/iptables -A XTGeoIP_1 -m geoip --src-cc $locBC -p tcp --dport $port -j DROP\n";
314 + }
315 + }
316 +
317 + # block for other or all should move there
318 + if ($BC ne '') {
319 + if ($locPorts ne '') {
320 + $locPorts = substr $locPorts, 0, -1;
321 + $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: OTHER\"\n";
322 + $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j DROP\n";
323 + } else {
324 + $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n";
325 + $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip --src-cc $BC -j DROP\n";
326 + }
327 + }
328 + $OUT .= " /sbin/iptables --append XTGeoIP_1" .
329 + " -j RETURN\n";
330 + ## end of add
331 + } else { $OUT .= " # module xt_geoip not found for current kernel\n"; }
332 + } else { $OUT .= " # xt_geoip disabled\n"; }
333 }
334 diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip
335 --- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip 1970-01-01 04:00:00.000000000 +0400
336 +++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip 2019-04-24 17:24:22.000000000 +0400
337 @@ -0,0 +1,81 @@
338 +{
339 + my $BC = $masq{BadCountries} || '';
340 + my $GP = $masq{GeoIP} || 'disabled';
341 + my $KERNEL = `/bin/uname -r`;
342 + chomp($KERNEL);
343 + my $PATH_MODULE = "/lib/modules/$KERNEL/extra/xt_geoip.ko";
344 + my $PATH2_MODULE = "/lib/modules/$KERNEL/weak-updates/xt_geoip.ko";
345 + my $PATH3_MODULE = "/lib/modules/$KERNEL/weak-updates/xtables-addons/xt_geoip.ko";
346 + my $port;
347 + my $locPorts;
348 + my $servStatus;
349 + my $locBC;
350 +
351 +
352 + # Find the current XTGeoIP_$$ chain, and create a new one.
353 + $OUT .=<<'EOF';
354 + OLD_XTGeoIP=$(get_safe_id XTGeoIP filter find)
355 + NEW_XTGeoIP=$(get_safe_id XTGeoIP filter new)
356 + /sbin/iptables --new-chain $NEW_XTGeoIP
357 +EOF
358 +
359 + if ($GP eq 'enabled' and $BC ne '')
360 + {
361 + if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE)
362 + {
363 + # add content here
364 + $locPorts = '';
365 + my @services = split(/,/, $masq{'XtServices'});
366 +
367 + foreach my $servName (@services)
368 + {
369 + $port = ${$servName}{'TCPPort'} || '';
370 + my $servStatus = ${$servName}{'status'} || 'disabled';
371 + my $servAccess = ${$servName}{'access'} || 'private';
372 + my $locBC = ${$servName}{'BadCountries'} || '';
373 + if ($port ne '' and $servStatus eq 'enabled' and $servAccess eq 'public' and $locBC ne '') {
374 + $locPorts .= "$port,";
375 + $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j ULOG --ulog-prefix \"GeoIP BAN: $servName\"\n";
376 + $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j DROP\n";
377 + }
378 + }
379 +
380 + ##adding here for service specific
381 + # imaps 993
382 + #$locBC = $imaps{BadCountries} || '';
383 + #$servStatus = $imaps{'status'} || 'disabled';
384 + #$port = $imaps{'TCPPort'} || '993';
385 + #if ($servStatus eq 'enabled' and $locBC ne '') {
386 + # $locPorts .= "${port},";
387 + # $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j ULOG --ulog-prefix \"GeoIP BAN: IMAPS\"\n";
388 + # $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j DROP\n";
389 + #}
390 +
391 + # block for all or other ports should move there
392 + if ($BC ne '') {
393 + if ($locPorts ne '') {
394 + $locPorts = substr $locPorts, 0, -1;
395 + $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: OTHER\"\n";
396 + $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j DROP\n";
397 + } else {
398 + $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n";
399 + $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip --src-cc $BC -j DROP\n";
400 + }
401 + }
402 + $OUT .= " /sbin/iptables --append \$NEW_XTGeoIP" .
403 + " -j RETURN\n";
404 + ## end of add
405 +
406 + }
407 + }
408 +
409 +
410 + # Having created a new XTGeoIP chain, activate it and destroy the old.
411 + $OUT .=<<'EOF';
412 + /sbin/iptables --replace XTGeoIP 1 \
413 + --jump $NEW_XTGeoIP
414 + /sbin/iptables --flush $OLD_XTGeoIP
415 + /sbin/iptables --delete-chain $OLD_XTGeoIP
416 +EOF
417 +
418 +}
419 diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/web/functions/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/web/functions/xt_geoip
420 --- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/web/functions/xt_geoip 2019-05-02 00:12:10.000000000 +0400
421 +++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/web/functions/xt_geoip 2019-05-02 00:01:09.000000000 +0400
422 @@ -2,9 +2,9 @@
423 # vim: set ft=xml:
424
425 #----------------------------------------------------------------------
426 -# heading : Administration
427 +# heading : Security
428 # description : GeoIP IP filtering
429 -# navigation : 4000 4900
430 +# navigation : 5000 5610
431 #----------------------------------------------------------------------
432 # copyright (C) 2007 Mitel Networks Corporation
433 #
434 @@ -67,11 +67,10 @@
435 header="/etc/e-smith/web/common/head.tmpl"
436 footer="/etc/e-smith/web/common/foot.tmpl">
437
438 - <page name="First"
439 - pre-event="print_status_message()">
440 - # post-event="wherenext('Second')" >
441 - # Ssh Ipt Second
442 + <page name="First" pre-event="print_status_message()">
443 + # post-event="wherenext('Second')"
444 <description>XT_GEOIP_STATUS_DESCRIPTION</description>
445 +
446 <field
447 type="literal"
448 id="geoip"
449 @@ -100,7 +99,13 @@
450 <label> </label>
451 </field>
452
453 - <field type="literal" id="client_label" value="">
454 + <field type="literal" id="service_label" value="">
455 + <description>SERVICE_DESCRIPTION</description>
456 + </field>
457 +
458 + <subroutine src="print_custom_button('PER_SERVICE_GEOIP', 'Service', '')"/>
459 +
460 + <field type="literal" id="stats_label" value="">
461 <description>STATS_DESCRIPTION</description>
462 </field>
463
464 @@ -110,9 +115,9 @@
465 <subroutine src="print_button('NEXT')" />
466 </page>
467
468 - <page name="Second"
469 - pre-event="turn_off_buttons"
470 - post-event="change_settings()">
471 +
472 +
473 + <page name="Second" pre-event="turn_off_buttons" post-event="change_settings()">
474
475 <field
476 type="select"
477 @@ -153,9 +158,84 @@
478 </page>
479
480
481 - <page name="Stats"
482 - pre-event="generateStats"
483 - post-event="wherenext('First')" >
484 + <page name="Service" pre-event="print_status_message()" post-event="wherenext('First')">
485 + <description>SERVICE_DESCRIPTION</description>
486 + <field
487 + type="literal"
488 + id="badcountries"
489 + value="get_badcountries()">
490 + <label>LABEL_BADCOUNTRIES_STATUS</label>
491 + </field>
492 + <subroutine src="print_service_table()" />
493 + <subroutine src="print_button('NEXT')"/>
494 + </page>
495 +
496 +
497 +
498 + <page name="SrvModify" pre-event="turn_off_buttons()" post-event="modify_serv()">
499 +
500 + <title>ADD_SERVICE</title>
501 + <description>ADD_DESC</description>
502 +
503 + <field
504 + type="literal"
505 + id="service"
506 + value="get_srv_name()">
507 + <label>LABEL_SERVICE</label>
508 + </field>
509 +
510 + <field
511 + type="literal"
512 + id="badcountries"
513 + value="get_badcountries()">
514 + <label>LABEL_BADCOUNTRIES_STATUS</label>
515 + </field>
516 +
517 + <field
518 + type="text"
519 + id="masq_srv_badcountries"
520 + size="64"
521 + validation="srv_must_exist()">
522 + <label>LABEL_BADCOUNTRIES</label>
523 + <description>DESC_BADCOUNTRIES</description>
524 + </field>
525 +
526 + <field
527 + type="literal"
528 + id="srv_badcountries"
529 + value="get_srv_badcountries()">
530 + <label>LABEL_SERV_BADCOUNTRIES_STATUS</label>
531 + </field>
532 +
533 + <subroutine src="print_button('SAVE')" />
534 + </page>
535 +
536 +
537 + <page name="SrvRemove" pre-event="turn_off_buttons()" post-event="remove_serv()">
538 +
539 + <title>REMOVE_SERVICE</title>
540 + <description>REMOVE_DESC</description>
541 +
542 + <field
543 + type="literal"
544 + id="service"
545 + value="get_srv_name()">
546 + <label>LABEL_SERVICE</label>
547 + </field>
548 +
549 + <field
550 + type="literal"
551 + id="badcountries"
552 + value="get_srv_badcountries()">
553 + <label>LABEL_SERV_BADCOUNTRIES_STATUS</label>
554 + </field>
555 +
556 + <subroutine src="print_button('REMOVE')" />
557 +
558 + </page>
559 +
560 +
561 + <page name="Stats" pre-event="generateStats" post-event="wherenext('First')">
562 <subroutine src="print_button('NEXT')"/>
563 </page>
564
565
566 diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm smeserver-xt_geoip-1.0.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm
567 --- smeserver-xt_geoip-1.0.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm 2019-05-02 00:12:10.000000000 +0400
568 +++ smeserver-xt_geoip-1.0.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm 2019-05-02 01:28:49.000000000 +0400
569 @@ -11,6 +11,7 @@
570 use esmith::FormMagick;
571 use esmith::ConfigDB;
572 use esmith::util;
573 +use esmith::cgi;
574 use File::Basename;
575 use Exporter;
576 use POSIX qw(strftime);
577 @@ -22,6 +23,15 @@
578 get_value
579 get_badcountries
580 get_geoip
581 + print_service_table
582 + get_stat_geoip
583 + print_custom_button
584 + generateStats
585 + get_srv_name
586 + get_srv_badcountries
587 + remove_serv
588 + modify_serv
589 + srv_must_exist
590 get_date_update
591 change_settings
592 must_exist
593 @@ -214,7 +224,7 @@
594 my @mq_bcs = split /[,:]/, $q->param("masq_badcountries");
595 if (@mq_bcs) {
596 my $ctr = @mq_bcs;
597 - return $self->localise('ERR_COUNTRY_MAX: {$ctr}', {ctr=> "$ctr"}) if ($ctr > 50);
598 + return $self->localise('ERROR_COUNTRY_MAX: {$ctr}', {ctr=> "$ctr"}) if ($ctr > 50);
599
600 foreach my $bcs (@mq_bcs) {
601 my $file = "/usr/share/xt_geoip/LE/" . $bcs . ".iv4";
602 @@ -248,7 +258,7 @@
603 $stats_type =~ /(.+)/; $stats_type = $1;
604 if ($stats_type ne "ipt" && $stats_type ne "ssh")
605 {
606 - print $q->p($q->b($self->localise('INVALID_STATS_TYPE').
607 + print $q->p($q->b($self->localise('INVALID_STATS_TYPE')." ".
608 $stats_type));
609 return '';
610 } else {
611 @@ -270,8 +280,174 @@
612 print "</pre>\n";
613
614 print $q->h3($self->localise('END_OF_STATS'));
615 + $self->wherenext('First');
616 return '';
617 }
618 }
619
620 +sub get_srv_name
621 +{
622 + my ($self) = @_;
623 + return $self->cgi->param('name');
624 +}
625 +
626 +sub get_srv_badcountries
627 +{
628 + my ($self) = @_;
629 + my $name = $self->cgi->param('name');
630 + return $db->get_prop($name, "BadCountries");
631 +}
632 +
633 +sub print_service_table {
634 + my $self = shift;
635 + my $q = $self->{cgi};
636 + my $servname = $self->localise('NAME');
637 + my $port = $self->localise('PORT');
638 + my $status = $self->localise('STATUS');
639 + my $access = $self->localise('ACCESS');
640 + my $servBC = $self->localise('BADCOUNTRIES');
641 + my $modify = $self->localise('MODIFY');
642 + my $remove = $self->localise('REMOVE');
643 + my $action_h = $self->localise('ACTION');
644 +
645 + my @services = split(/,/, $db->get_prop("masq", "XtServices"));
646 + #my @services = ('imaps','pop3s','sshd','ftp','ssmtpd');
647 +
648 + unless ( scalar @services )
649 + {
650 + print $q->Tr($q->td($self->localise('NO_SERVICES')));
651 + return "";
652 + }
653 +
654 + print $q->start_table({-CLASS => "sme-border"}),"\n";
655 + print $q->Tr (
656 + esmith::cgi::genSmallCell($q, $servname,"header"),
657 + esmith::cgi::genSmallCell($q, $port,"header"),
658 + esmith::cgi::genSmallCell($q, $status,"header"),
659 + esmith::cgi::genSmallCell($q, $access,"header"),
660 + esmith::cgi::genSmallCell($q, $servBC,"header"),
661 + esmith::cgi::genSmallCell($q, $action_h,"header", 2)),"\n";
662 +
663 + my $scriptname = basename($0);
664 +
665 + foreach my $servname (@services)
666 + {
667 + my $i = $db->get($servname);
668 +
669 + my $port = $i->prop('TCPPort');
670 + my $status = $i->prop('status');
671 + my $access = $i->prop('access');
672 + my $servBC = $i->prop('BadCountries') || ' ';
673 +
674 + my $params = $self->build_serv_cgi_params($servname, $i->props());
675 +
676 + my $href = "$scriptname?$params&action=modify&wherenext=";
677 +
678 + my $actionModify = '&nbsp;';
679 + $actionModify .= $q->a({href => "${href}SrvModify"},$modify)
680 + . '&nbsp;';
681 +
682 + my $actionRemove = '&nbsp;';
683 + $actionRemove .= $q->a({href => "${href}SrvRemove"}, $remove)
684 + . '&nbsp';
685 +
686 + my $color = 'red';
687 + if ($status eq 'disabled' || $access ne 'public') { $color = 'green'; }
688 + print $q->Tr (
689 + esmith::cgi::genSmallCell($q, $servname,"normal"),
690 + esmith::cgi::genSmallCell($q, $port,"normal"),
691 + esmith::cgi::genSmallCell($q, $status,"header"),
692 + esmith::cgi::genSmallCell($q, $access,"header"),
693 + esmith::cgi::genSmallCell($q, "<font color='$color'>" . $servBC . "</font>","header"),
694 + esmith::cgi::genSmallCell($q, $actionModify,"normal"),
695 + esmith::cgi::genSmallCell($q, $actionRemove,"normal"));
696 + }
697 +
698 + print $q->end_table,"\n";
699 +
700 + return "";
701 +}
702 +
703 +sub build_serv_cgi_params {
704 + my ($self, $servname, %oldprops) = @_;
705 +
706 + my %props = (
707 + page => 0,
708 + page_stack => "",
709 + name => $servname,
710 + );
711 +
712 + return $self->props_to_query_string(\%props);
713 +}
714 +
715 +sub remove_serv {
716 + my ($self) = @_;
717 + my $name = $self->cgi->param('name');
718 + if (my $serv = $db->get($name)) {
719 + my $servBC = $serv->prop('BadCountries') || '';
720 + if ($servBC ne '') {
721 + $db->set_prop($name, "BadCountries", '');
722 + # Untaint $name before use in system()
723 + # $name =~ /(.+)/; $name = $1;
724 + if (system ("/sbin/e-smith/signal-event", "xt_geoip-service") == 0)
725 + {
726 + return $self->success("SUCCESSFULLY_DELETED_SERVICE");
727 + } else {
728 + return $self->error("ERROR_WHILE_DELETING_SERVICE");
729 + }
730 + } else {
731 + return $self->success('NO_CHANGE');
732 + }
733 +
734 + } else {
735 + $self->error('CANT_FIND_SERV');
736 + }
737 + $self->wherenext('First');
738 +}
739 +
740 +sub modify_serv {
741 + my ($self) = @_;
742 + my $name = $self->cgi->param('name');
743 + if (my $serv = $db->get($name)) {
744 + my $servBC = $serv->prop('BadCountries') || '';
745 +
746 + my $q = $self->{'cgi'};
747 + my $n_servBC = $q->param("masq_srv_badcountries") || $servBC;
748 +
749 + if ($n_servBC eq $servBC) {
750 + return $self->success("NO_CHANGE")
751 + }
752 + $db->set_prop($name, "BadCountries", $n_servBC);
753 +
754 + if (system ( "/sbin/e-smith/signal-event", "xt_geoip-service" ) == 0 )
755 + {
756 + return $self->success("SUCCESS");
757 + } else {
758 + return $self->error("ERROR_UPDATING");
759 + }
760 + } else {
761 + $self->error('CANT_FIND_SERV');
762 + }
763 + $self->wherenext('First');
764 +}
765 +
766 +sub srv_must_exist
767 +{
768 + my $self = shift;
769 + my $q = $self->{cgi};
770 + my $listerr = "";
771 + my @mq_bcs = split /[,:]/, $q->param("masq_srv_badcountries");
772 + if (@mq_bcs) {
773 + my $ctr = @mq_bcs;
774 + return $self->localise('ERROR_COUNTRY_MAX: {$ctr}', {ctr=> "$ctr"}) if ($ctr > 50);
775 +
776 + foreach my $bcs (@mq_bcs) {
777 + my $file = "/usr/share/xt_geoip/LE/" . $bcs . ".iv4";
778 + if (! -f $file) { $listerr .= $bcs . ","; }
779 + }
780 + return $self->localise('ERR_COUNTRY_NOT_EXIST: {$listerr}', {listerr=> "$listerr"}) if $listerr;
781 + }
782 + return 'OK';
783 +}
784 +
785 1;
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed